According to the latest data, Iran has likely carried out a large-scale cyberattack on the United States, targeting Stryker, a well-known medical equipment manufacturer based in Michigan. As a result of the breach, the company faced significant operational disruptions and decided to disconnect approximately 56,000 of its employees worldwide from the networks.
The attack affected Stryker's internal Microsoft systems; however, connected medical devices remained unharmed. Some medical institutions and emergency services temporarily suspended data transmission via Lifenet, while company employees reported issues in countries such as the USA, Ireland, and Australia. Experts investigating the incident are considering the possibility of credential theft and access to Microsoft Intune, which could have allowed the attackers to wipe data on numerous devices.
The hacker group Handala claimed responsibility for the attack, which, according to Western analysts, has ties to Iranian intelligence services. In their Telegram channel, the hackers justified their actions as revenge for a strike on an Iranian school, which, according to local media reports, resulted in the deaths of more than 160 people, including children. This incident with Stryker underscores that the confrontation in the Middle East extends beyond the region, damaging American businesses through real cyber operations.
Former high-ranking officials and cybersecurity experts note that the Stryker breach is the first significant case where cyber weapons have been used in the context of a broader military crisis involving the United States. Cynthia Kaiser, a former FBI employee, emphasized that the current confrontation uniquely combines digital and traditional warfare from both sides. American authorities have already acknowledged that cyberattacks have become part of the first wave of retaliatory actions against Iran at the end of last month.
Amid uncertainty regarding Washington's intentions in the conflict with Iran, experts anticipate new attacks on American networks. Jen Easterly, former director of CISA, stated that Iranian hackers possess serious capabilities in cyberspace despite the pressures from military actions. According to her estimates, not only critical infrastructure such as water supply, energy, and healthcare are at risk, but any business as well.
Although Western intelligence agencies traditionally view Iran as a less technologically advanced adversary compared to China or Russia, they acknowledge its unpredictability. Iranian hackers often employ less sophisticated methods, such as phishing; however, their effectiveness can sometimes be low. Previously, Washington had warned of potential cyber responses from Tehran following military actions, but major disruptions did not occur. However, in the case of Stryker, the situation changed.
The Handala group, which claimed responsibility for the attack, officially positions itself as independent hacktivists, but Western experts link it to the Iranian state. A study published by the Israeli company Check Point claims that Handala is an entity connected to the Iranian Ministry of Intelligence and Security, which is the country's key intelligence agency. According to Check Point, Handala is actively involved in cyberattacks and has recently expanded its operations to Europe and the USA.
The reasons for the attack on Stryker have not been officially disclosed. Investigators suspect that the attackers may have gained access to an employee or contractor's credentials through a phishing attack, which allowed them to penetrate Microsoft Intune—the device management service. With such access, the hackers could wipe data on numerous laptops and phones. Internal company messages indicate that employees noticed data being cleared on their devices and were advised to remove mobile device management applications.
It is unclear whether the target of the attack on Stryker was accidental or deliberate. In Handala's Telegram channel, this action was characterized as revenge for the strike on the Iranian school, which, according to Iranian media, resulted in the deaths of over 160 people, including children. The Pentagon is currently reviewing the details of this strike and, as reported by The Wall Street Journal, does not rule out the possibility of its connection to the USA.
Since the beginning of the current conflict, other instances of alleged Iranian cyber activity have also been recorded, including attacks on government mail systems in Albania and attempts to hack a nuclear research organization in Poland. However, none of the previous incidents compare in scale and consequences to the attack on Stryker. It is important to note that the tactics of Iranian hackers are becoming increasingly aggressive: they not only inflict damage but also publicly threaten, trying to instill a sense of vulnerability in their victims.
The post "Revenge for the Children": hackers Handala claimed they attacked Stryker after the strike on the Iranian school first appeared on K-News.
